RedTeam Labs

Information Security Vulnerablities, Exploit Code and News

CATEGORIES:      Company News General Industry News Research List View

Application Pen Testing Add-on for Firefox

Category: Research Tags: security app sec firefox add-on
Posted by: labs@redteamsecure.com (Jeremiah Talamantes) on 2010-01-28 18:01:43

The other day I came across a nice little utility that would aid a pen tester in their testing efforts. It's called Groundspeed and it's an add-on for Firefox.

Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate limitations and client-side controls that interfere with the web application penetration tests.

Some practical uses include:


  1. Changing the types of form fields, for example you can change hidden fields into text fields so you can easily edit their contents.

  2. Quickly removing size and length limitations on text fields so you have more space to type your attack strings.

  3. Changing form target so the form submits in another tab.

  4. Removing or editing the JavaScript event handlers to bypass client side validation.




Check out the add-on here!



Share |



Follow Our Twitter

Follow Our RSS

Share this: |


Categories



DISCLAIMER
    The content, tools, methodologies and proof of concept code contained in these articles are in no way intended to be used for malicious intent. This information is to be used for educational purposes only. RedTeam Security does not condone the malicious use nor does it warranty the use of any of the content contained herein.


Contact Us

Phone number:
1-612-234-7848

E-mail:

info@redteamsecure.com